Introduction
________________________________________________________
Social media holds many rich promises for business today. Tapping into the
millions of potential customers on Facebook, tweeting to followers on Twitter, and
connecting with customers 24/7 all seem like a slam dunk for an organization. Yet
the decision is not so clear-cut for healthcare organizations. To avoid the risk
of violating HIPAA¹, many healthcare organizations have taken a wait-and-see
approach. Turning to these turnkey social media solutions can be risky for your
users. This paper will examine the significant changes to Facebook and other social
media and their effect on your users’ experience. Issues that are specific to a patient
or other health care user will be considered. We will examine why choosing only this
approach to connecting with your online patients could in the long run be less
effective and offer your patients a less secure environment. We will explore how
best to use these social media tools, matching functionality with security of the
system environment, eventually weaving them into a more coordinated and effective
social media strategy.
User Privacy
________________________________________________________
With Facebook announcing significant changes to user privacy as they were
happening, hospitals had little time to even warn their users to protect their PHI
(confidential, personal, identifiable health information per HIPAA). Users are required
to go through a complicated and confusing opt-out process to keep private
information from being shared with 3rd party websites. Facebook also introduced a
new “Instant Personalization Pilot Program” that defaulted users to allow select
Facebook business partners to access personal information of users, aggregate the
information, and use and share this information.
As privacy policies and procedures on Facebook are not controlled by the healthcare
organizations, there is little the hospital can do to stop this from happening. It is
subject to the whim and control of the management of these social media companies. These
actions may seem harmless to the CEOs of these companies, but revealing a
personal health issue to one’s employer, family member, etc. without patient
authorization can change the lives of some patients in devastating ways. And it
could be in violation of HIPAA.
Hospitals and physician offices typically follow strict policy and procedure when it
comes to patient privacy. HIPAA regulation established appropriate safeguards that
health care providers and others must adhere to in order to protect the privacy of
patients' health information.
¹ Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA was enacted in part to
maintain the privacy of patients' medical and personal information by creating national standards to
protect individuals' medical records and other protected health information (PHI).
______________________________________________________________________________________
MyHealthCommunity Social Network, Inc. 135 Market St., Portsmouth, NH 03801
www.myhealthcommunity.net 603-553-2997
The general rule is to release the minimum amount of information to as few persons
as reasonably needed for the purpose of the disclosure. Facebook’s actions were at
the other end of the spectrum in protecting its users’ private information.
In the past, Facebook has reset users' privacy settings. Users found information
published to their Facebook “wall,” and thus visible to anyone, not just friends, when
they thought they had previously indicated in their settings not to have this
information published publicly. Defenders of these actions profess that it is not
Facebook that is responsible for user privacy but the users themselves. They say users
should know anything posted on Facebook can and will become public, so users should not
post anything that they don’t want the public to see. If this is true, then healthcare
organizations must consider using Facebook in limited ways so that a follower of
their page doesn’t expose private information.
The recent actions of Facebook redefined privacy settings for users, requiring that
they opt out of exposing their personal information to the public. The greatest
concern was that Facebook made it so complex to opt out, requiring the clearing of
numerous checked options scattered in various privacy settings. This complexity
would be a challenge for senior users.
Facebook had reset users' instant personalization settings, defaulting them to opt-in
status. Users, potentially your patients, must go into their settings and turn these
settings off. Unaware users will find that their profile information such as interests, work
and school experience has been made public to certain services. The enticement to
the user is that they will gain a more “customized experience” on Facebook.
If a patient had listed an interest in diabetes research, the assumption could be made
that they or family members have diabetes. The user may begin to receive
information from Facebook businesses related to diabetes. Without their permission,
others are reading the sometimes personal and private information that the user
thought was protected by Facebook privacy policy. To prevent this exposure, users
must clear individual settings to opt out.
At the moment, only three sites have this extra ability, which Facebook calls “instant
personalization” — they are Docs.com (an online document-hosting and editing site
from Microsoft), the music site Pandora and the review site Yelp. These changes,
making it difficult for the user to protect their privacy, have not gone unnoticed.
Facebook and Twitter Get Headlines
________________________________________________________
According to the ACLU online newsletter ~
“Earlier this week, following up on its recent policy changes, Facebook announced its
plans to create more dynamic profiles using "Connections." What exactly counts as a
connection wasn't clearly defined but seems to include things like friends lists, likes
and interests, events, groups, and activities.
More importantly, it's also unclear whether users will have real control over how
their connections are shared. Both Facebook's Monday announcement and its recent
policy changes have suggested that users cannot prevent applications (also known as
"apps"), pages, and other third parties from accessing these connections. They may
be able to "hide" them from other Facebook users but not from the government,
advertisers, or anyone else with the ability and incentive to create apps or pages.
However, new documents for app developers point to the Extended Permissions page
which requires apps and pages to explicitly ask for user permission before accessing
various "connections"—including interests, events, groups, and location.
If Facebook believes that you "should have control over what you share," it should
resolve this by giving users real control over whether their connections can be
accessed by apps and pages. Doing so still won't resolve other issues, like the "app
gap" that allows your friends' applications to view your personal information without
your knowledge or consent, but it would be a step in the right direction.”~ ACLU
April 2, 2010
Recently Twitter revealed a bug – one that allows users to make anyone “follow
them.” This could lead to your hospital following causes that it does not support or
businesses and consultants it does not do business with:
“Twitter has provided the following update to its status blog: “We identified and
resolved a bug that permitted a user to “force” other users to follow them. We’re
now working to rollback all abuse of the bug that took place.”
~ “Twitter Bug Lets You Control Who Follows You,” by Adam Ostrow
http://mashable.com/2010/05/10/twitter-follow-bug/
Facebook Gains the Attention of Congress - Would You Want This Kind of Attention?
________________________________________________________
According to the April 25th New York Cyber Safety Examiner
http://www.examiner.com/x-39476-NY-Cyber-Safety-Examiner~y2010m4d25-NY-Senator-Charles-Schumer-challenges-safety-of-Facebook-MySpace-and-Twitter
“New York Senator Charles Schumer pressed the Federal Trade Commission (FTC) to
provide guidelines for social networking sites like Facebook, MySpace and Twitter, on
the dissemination of private information submitted by online users. Schumer wants
the Federal Trade Commission to provide guidelines for sites like Facebook and
Twitter on how a user's private information can be used.
WABC TV (New York) reports that Schumer warns that these changes by Facebook
change the relationship between the user and the social networking site. Before now,
users had the choice to determine what information of theirs was shared and what
was kept private. These new policy changes alter that relationship, and Schumer
says there is little guidance on what social networking sites can and cannot do or
what disclosures are necessary to consumers.
Schumer says the new common interest pages are a great source of marketing data
that could be used for spam and potentially scammers.
He also expressed his concern to the FTC about the collection and sharing of data on
these social networking sites and the disclosure process by which users are notified
that their private information is being shared. He added that there are no guidelines
for user privacy on social networking sites like Facebook, Myspace and Twitter and
that ever-changing privacy policies adopted by networks are confusing.
Schumer asked chairman of the FTC to examine the privacy disclosures of social
networking sites to ensure they are not misleading or fail to fully disclose the extent
to which they share information. He also urged the FTC to provide guidelines for use
of private information and prohibit access without user permission.”
Privacy loopholes even catch Facebook founder off guard:
Ka-Ping Yee, a Google software engineer, quickly uncovered what appeared to be a
privacy loophole in Facebook’s new strategy of connecting the Web. It seemed that
others who were not accepted as a “friend” could view public events that the
Facebook user had planned to attend despite the user adjusting their privacy
settings. He demonstrated the loophole on his blog by showing a list of Facebook
founder Mark Zuckerberg's planned events. Events can contain revealing information
such as home addresses, names of friends, political or religious activities and the
like, Yee pointed out.
Imagine board members of your hospital having their plans to attend
pro-life or pro-choice events exposed.
If under HIPAA law healthcare organizations and providers have an obligation to
protect their patients' health information, imagine the responsibility of keeping up
with the ongoing changes that these various social media companies make affecting
the privacy of users. Your organization would have to assess whether the changes
compromised PHI and educate your users on the appropriate use of the
new tool or changes in order to protect their PHI.
Facebook has reacted to the public protests and tried to make it simpler to opt out,
but note the last comment on this page: “your friends may still share public
Facebook information about you to personalize their experience on these partner
sites unless you BLOCK the application.”
To Like or Not To Like
________________________________________________________
Today’s Facebook is forcing people to decide whether they like a page before they
even go onto the page. By liking a page, the page owner gains access to your
personal information as well as your friends' personal information. Due to privacy
changes, many users do not realize this has happened and have not changed their
privacy settings.
The consequence to Facebook users who choose not to “Like pages” that Facebook
suggests is that Facebook then disables your education and work info. This may be
exactly the right thing to happen as the message from Facebook is if you don’t want
the public to access these details about your personal life then don’t post them on
our site.
Other issues that point to users rejecting and protesting the recent Facebook pages:
• Today Facebook Chat is down for maintenance following a report that
exposed a Facebook security bug. 5/5/10
• To access my profile, Facebook is “demanding” that I “Like” pages that
Facebook has decided I should like; notice there is no opt-out: “Link All
to My Profile” or “Choose Individually.”
• The consequence to Facebook users who choose not to like pages that
Facebook suggests is that Facebook then disables your education and
work info.
Will the Real Face Page Please Stand Up?
________________________________________________________
Given the recent concerns raised about Facebook and its disregard for protecting its
users’ privacy, hospitals that are entering into this social media sphere to connect
with patients need to be concerned.
It appears that some hospitals are proceeding cautiously, signing up to reserve their
names on Facebook but not fully activating their pages. This makes searching for these
hospitals confusing and difficult for users.
[Screenshot of a hospital Facebook page. Callouts: Like button with only 3 people who
“like” the page; no photo of hospital or limited info such as no address, contact or
mission statement; no posting on wall by Maine Med Ctr.]
Search problems exist. The official Newton-Wellesley Hospital page has a hyphen in its
Facebook search name, but a consumer would not know this. Hospitals try to resolve
this by creating pages to redirect consumers. This only adds to the confusion.
See example from Newton-Wellesley page:
[Screenshot of Facebook search results for Newton-Wellesley. Callouts: no photo of
hospital or limited info such as no address, contact or mission; Newton Wellesley is
posting to wall; Like button with only 3 “likers”; Official Newton-Wellesley Hospital Page.]
The Facts About Facebook that Keep Us Coming Back?
________________________________________________________
With this examination of the different social media tools, it is clear that health care
organizations that are interested in protecting their users from inadvertently
revealing too much of their personal and protected health information may choose
not to interact too openly with their community on these public-facing sites. Some
may leave Facebook and Twitter. But for many healthcare organizations, being in the
conversation with the Facebook audience is too tempting. The current statistics
shared by Facebook on its users and their activities are enough to convince most hospital
marketing executives that it is a rich venue to reach potential customers:
People on Facebook
* More than 400 million active users
* 50% of our active users log on to Facebook in any given day
* Average user has 130 friends
* People spend over 500 billion minutes per month on Facebook
Activity on Facebook
* There are over 160 million objects that people interact with (pages, groups and events)
* Average user is connected to 60 pages, groups and events
* Average user creates 70 pieces of content each month
* More than 25 billion pieces of content (web links, news stories, blog posts, notes,
photo albums, etc.) shared each month
Pushing out information to capture the attention of this wide marketplace of
consumers is a great role Facebook can play in your hospital marketing approach.
Posting comments on your wall about services, events or a healthcare topic can pull
customers in from their fan base and educate page visitors. Short educational videos
or announcements about events can be posted on the wall. Comments and “Like or
Dislike” provide immediate feedback. Recommend that your followers discuss
personal stories about their care through your website or patient online community.
o Buzz can be created if enough users jump in and comment or share a link to
the wall posting. This viral marketing is what Facebook can help to generate.
Post links to your website to share.
o Grow your fan base and encourage user participation.
o Push out information to pull customers in from your fan base. Then redirect them
back to the hospital website, effectively harnessing the power of the large
Facebook community while containing more private conversations for your
patients where your policies are in place.
o Participation on Facebook in a strategic way offers healthcare marketers
insights on what the Facebook crowd is saying about their organizations.
Hospitals can respond and participate in general terms in these
conversations.
Concerns Remaining
________________________________________________________
Facebook’s limited search capabilities do not lend themselves to your customers finding
information for their own health needs. The search functionality on Facebook is lacking, as users
cannot search for a specific disease state, hospital service or health condition and get
results that accumulate all posted information, video and images related to that
topic.
Specific health knowledge relating to their age, sex, and other medical conditions
would not be found on Facebook. It is not where a hospital would want to respond to
specific patient questions and interact in an intimate way. Nor is it easy to respect
patient privacy and direct the user to services and programs for specific diseases or
health conditions. These conversations call for a more private, protected
environment.
It may be questionable how Facebook obtained the demographic-specific data it has
collected on users. Information, if not voluntarily given, would be a
risk for hospitals to use in marketing. Target marketing to specific populations would
be difficult unless a hospital created separate Facebook pages for those populations.
The current threat that Facebook or associated businesses could collect and share
data on these social networking sites, and the disclosure process by which users are
notified that their private information is being shared, are enough to keep hospitals at
bay until this is fully understood.
The recent events played out under the control of Facebook and maybe inadvertently
through bugs on Twitter demonstrate that these platforms do not currently provide a
safe and secure environment for patients and family members. But for many the
enticement of being in the conversation with millions of users poses too great an
opportunity to ignore. So what should be a hospital’s next steps once on Facebook?
Next Steps Beyond Facebook and Twitter in the Social Media Continuum
______________________________________________________________________
#1 Use Facebook as a place to find your audience and direct them to the appropriate
platform for communication. Take the opportunity during all Facebook wall
conversations and postings to redirect the patient to your website and preferably a
more private online patient community. Feature short teaser videos of events at your
hospital or on specific health concerns relating to services your hospital wants to
market.
#2 Invite patients to private groups and forums that are disease specific or health
condition focused. Facebook would not be the place to openly engage with your
patients. Instead, offering up a patient community with the ability to create an online
“home” with privacy controls and security to get trusted expert advice, support on
coping with a disease, tips for care at home and lifestyle changes is a responsible
approach for healthcare organizations to take.
#3 Educate your users when privacy policies change on social media sites that you
use to engage with them. As a hospital forges into the social media world, it is
important first that they do so with the commitment to help their users protect their
PHI and other personal information while using these sites. If a hospital chooses to
be in the conversation, market and invite patients into this online social sphere then
they need to commit to keeping the users educated on how each user can protect
their PHI and personal information.
#4 Develop a well-thought-out Strategic Social Media Plan. Creating a philosophy
centered on the goals, objectives and values that your organization brings to the
social media space can be used as a springboard to measure performance, evaluate
emerging tools' effectiveness, and reposition tactics to communicate best to your
customers. Weaving various communication channels into a more strategic approach
to your patient conversation will produce a more open, flexible and safe interaction.
Over time this will lead to a trusted and loyal community base for your healthcare
organization.
With a responsive strategic plan and infrastructure in place to support effective use
of these social media tools, hospitals can optimize their social media investment and
assure safe use by their patient community. To learn more about social media
strategy and online patient communities, read our paper, “The Online Empowered
Patient Has Come of Age; Is Your Hospital Part of the Conversation?”
Given the recent concerns raised about Facebook, hospitals entering into this social
media sphere to connect with patients need to be concerned. With Facebook
announcing these changes as they were happening, hospitals had little time to even
warn their users to protect their PHI (confidential, personal, identifiable health
information per HIPAA). With these concerns about privacy and security of personal
information that have recently surfaced, shouldn’t you reconsider your social media
strategy? Do you want a trusted partner that protects your patients' PHI by providing
a private, secure environment for conversation and support of your patients?
We, at MyHealthCommunity, are able to provide such an environment.
Visit us at www.myhealthcommunity.net.